Support User Manuals

Enterasys Networks 9034385 Plumbing Product User Manual

Open as PDF

of 98

Enterasys NAC Design Guide 5-1

5

Design Procedures

ThischapterdescribesthedesignproceduresforEnterasysNACdeploymentonanenterprise

network.Thefirstsectiondiscussesproceduresforbothout‐of‐bandandinlineNAC

deployments.Thesecondsectiondiscussesproceduresfordeploymentsimplementing

assessment.Subsequentsectionspresentdesignstepsrelatingspecificallytoout‐ofband

deploymentsusingthe

NACGatewayandinlinedeploymentsusingtheNACController.

Procedures for Out-of-Band and Inline NAC

Thissectionpresentsdesignproceduresthatareapplicable tobothout‐of‐bandandinlineNAC

deployments.

1. Identify Required NetSight Applications

Asdiscussedin“NetSightManagement”onpage 1 ‐9,theEnterasysNACsolutionrequiresthe

installationoftwoapplicationsfromtheNetSightmanagementsoftwaresuite.NetSightNAC

ManagerisrequiredtocentrallymanagetheNACControllerandNACGatewayapplianceson

thenetwork.BecauseNACManagerisapluginapplicationto

NetSightConsole,itisnecessaryto

haveNetSightConsoleinstalledonaserverwithNACManager.NetSightConsoleisusedto

monitorthehealthandstatusofdevicesonthenetwork,includingtheaccesslayerswitchesand

theNACappliances.

Inaddition,NetSightPolicyManagerisrequiredforinlineNACdeployments.

PolicyManageris

usedtocentrallydefineanddistributepoliciestoallNACControllersonthenetwork.

Forout‐of‐bandNACdeploymentsthat includeEnterasyspolicy ‐enabledswitchesinthe

intelligentedge,policiesarespecifiedinNACManagerthatauthorizeconnectingend‐systems

withaparticularlevelofnetworkaccess.

Policiesare centrallydefinedanddistributedtothose

EnterasysswitchesusingPolicyManager.WithPolicyManager,policyrolesareeasilydefined

andenforcedtoallEnterasysswitchesintheentireintelligentedgeofthenetwork,fromone

centrallocation.

For information about... Refer to page...

Procedures for Out-of-Band and Inline NAC 5-1

Assessment Design Procedures 5-17

Out-of-Band NAC Design Procedures 5-19

Inline NAC Design Procedures 5-28

Additional Considerations 5-33

previous next